Cannot create certificate using ddns

Hello, I’m trying to set up a small home server which should be reachable publicly.

  1. ran the docker command from How to Install the Nextcloud All-in-One on Linux - Nextcloud
  2. forwarded the mentioned ports in my router and tested successfully with telnet
  3. In order to obtain a certificate, I followed the instructions in the console and opened the corresponding URL in my browser, mySubdomain.duckdns.org
    I get this error:
[Sun Jul 30 20:33:05.817938 2023] [core:notice] [pid 115:tid 548424269920] AH00094: Command line: 'httpd -D FOREGROUND'
{"level":"error","ts":1690749225.2060425,"logger":"http.acme_client","msg":"challenge failed","identifier":"<censored>.duckdns.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2.203.144.253: Fetching http://<censored>.duckdns.org/.well-known/acme-challenge/P4ctuX2CJr_LgXaiCH1RlYzvFpPFnxVZL6NG_EY39f4: Error getting validation data","instance":"","subproblems":[]}}
{"level":"error","ts":1690749225.2068815,"logger":"http.acme_client","msg":"validating authorization","identifier":"<censored>.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2.203.144.253: Fetching http://<censored>.duckdns.org/.well-known/acme-challenge/P4ctuX2CJr_LgXaiCH1RlYzvFpPFnxVZL6NG_EY39f4: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1232741916/198353093666","attempt":1,"max_attempts":3}
{"level":"error","ts":1690749225.2076628,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"<censored>.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 2.203.144.253: Fetching http://<censored>.duckdns.org/.well-known/acme-challenge/P4ctuX2CJr_LgXaiCH1RlYzvFpPFnxVZL6NG_EY39f4: Error getting validation data"}
{"level":"error","ts":1690749225.2077765,"logger":"tls.obtain","msg":"will retry","error":"[<censored>.duckdns.org] Obtain: [<censored>.duckdns.org] solving challenge: <censored>.duckdns.org: [<censored>.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 2.203.144.253: Fetching http://<censored>.duckdns.org/.well-known/acme-challenge/P4ctuX2CJr_LgXaiCH1RlYzvFpPFnxVZL6NG_EY39f4: Error getting validation data (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.897703054,"max_duration":2592000}

I’ve tried other DDNS providers, but the error looked the same. The DDNS accounts are all brand new, can that play a role?

What am I doing wrong?

Hi, see What can I do when Nextcloud is not reachable via my domain or if I get `SSL_ERROR_INTERNAL_ERROR_ALERT` when opening my Nextcloud domain? · nextcloud/all-in-one · Discussion #2105 · GitHub

Thank you, I likely forgot to forward port 443. After doing so, I’m getting these errors:

{"level":"error","ts":1690838695.2449262,"logger":"tls.obtain","msg":"will retry","error":"[2.203.144.253] Obtain: subject does not qualify for a public certificate: 2.203.144.253","attempt":1,"retrying_in":60,"elapsed":0.000941795,"max_duration":2592000}

Is there any example with a DDNS provider which is confirmed working? I can’t find any, maybe it’s just an issue with duckdns though?

Push, sorry for bothering, but I can’t find any working example/guide of this setup method. Is there any other way to set up AIO with SSL encryption?

EDIT: I’ve reset the port forwarding in my router, made sure 443, 8080, 8443 and 80 are forwarded, and then SSL worked. :slight_smile: Thanks.

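As an added example (not part of the thread and not code from the Nextcloud AIO project), this Python triage reads log lines in the format quoted above and maps the two errors seen in the thread to what they indicate. The sample lines are constructed, with `example.duckdns.org`, `203.0.113.7` and `TOKEN` as placeholders; `triage` and `CHALLENGE_PORT` are names chosen here.

```python
import json
import re

# Constructed sample lines in the log format quoted in the thread
# (host name, IP address and token are placeholders).
SAMPLE_LOG = r'''
[Sun Jul 30 20:33:05.817938 2023] [core:notice] [pid 115:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
{"level":"error","ts":1690749225.2,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.duckdns.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.7: Fetching http://example.duckdns.org/.well-known/acme-challenge/TOKEN: Error getting validation data"}}
{"level":"error","ts":1690838695.2,"logger":"tls.obtain","msg":"will retry","error":"[203.0.113.7] Obtain: subject does not qualify for a public certificate: 203.0.113.7","attempt":1,"retrying_in":60}
'''

# Inbound port the CA connects to for each ACME challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def triage(log_text):
    """Return (subject, finding) tuples for the ACME errors found in the log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # skip non-JSON lines such as the Apache notice
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if entry.get("level") != "error":
            continue
        problem = entry.get("problem", {})
        if (entry.get("msg") == "challenge failed"
                and problem.get("type", "").endswith(":connection")):
            ctype = entry.get("challenge_type")
            port = CHALLENGE_PORT.get(ctype)
            findings.append((entry.get("identifier"),
                             f"CA could not connect for {ctype}; check inbound port {port}"))
        elif "does not qualify for a public certificate" in entry.get("error", ""):
            subject = entry["error"].rsplit(": ", 1)[-1]
            kind = "an IP address" if IPV4.match(subject) else "not a public name"
            findings.append((subject,
                             f"certificate was requested for a subject that is {kind}"))
    return findings


if __name__ == "__main__":
    for subject, finding in triage(SAMPLE_LOG):
        print(f"{subject}: {finding}")
```

Only the "challenge failed" entry is reported for a connection failure, so the follow-up "validating authorization" and "will retry" lines for the same attempt do not produce duplicate findings.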